Attention Network Admins!!!

Old Sep 13, 2006 | 11:41 AM
  #1  
BRUZRs_Daddy's Avatar
Thread Starter
|
Senior Member
Joined: Jun 2005
Posts: 112
Likes: 0
From: 34.509°N & 114.326°W
Attention Network Admins!!!

Help me please!!!

We had a power outage last weekend and come to find out, my PDC Emulator/ALL FSMO Role Holder (Win2K Domain) doesn't like being on backup power.

So, in a pinch, I seized all of the FSMO roles to another DC, and got the domain back up and running when the power came back up. Now, the server is running like a top, but I can't plug it back in to the domain, because IT still thinks it holds all of the FSMO roles and I can't afford problems on the domain today (We have a new client in house today and tomorrow).

I need to remove all of the FSMO roles off of this server WITHOUT connecting it to the domain. I also need to remove AD from it and make it know that it is just a MEMBER and not a DC or GC...


TIA,
Dan (BRUZRs_Daddy)
 
Reply
Old Sep 13, 2006 | 12:05 PM
  #2  
vader716's Avatar
Senior Member
Joined: Jan 2003
Posts: 2,079
Likes: 0
From: Pikesville, MD
Try these links...

http://www.petri.co.il/transferring_fsmo_roles.htm

http://www.chicagotech.net/ad.htm

Why demote it?

and why without a network connection?
 
Reply
Old Sep 13, 2006 | 12:20 PM
  #3  
dzervit's Avatar
Senior Member
Joined: Apr 2004
Posts: 4,424
Likes: 0
From: Motor City
Here's a wacky thought... if you're stable right now then wait a few days until the new client is gone, then jack things up. Why F with it now?
 
Reply
Old Sep 13, 2006 | 12:27 PM
  #4  
henkyjenky's Avatar
Senior Member
Joined: Jul 2006
Posts: 242
Likes: 0
From: Phoenix
Pay Microsoft to help you with this one and open a ticket with them.
 
Reply
Old Sep 13, 2006 | 12:52 PM
  #5  
BRUZRs_Daddy's Avatar
Thread Starter
|
Senior Member
Joined: Jun 2005
Posts: 112
Likes: 0
From: 34.509°N & 114.326°W
Originally Posted by vader716
Why demote it?
It's not a viable DC any longer, as it reboots spontaneously. I thought it was the UPS, but that was removed from the equation and this morning I've seen it reboot several times. Something's up with it...

Originally Posted by vader716
and why without a network connection?
Because it will wreak havoc on the domain if there are two servers fighting over who holds the FSMO roles, won't it?

STUPID DELLS...
 

Last edited by BRUZRs_Daddy; Sep 13, 2006 at 12:54 PM.
Reply
Old Sep 13, 2006 | 12:55 PM
  #6  
BRUZRs_Daddy's Avatar
Thread Starter
|
Senior Member
Joined: Jun 2005
Posts: 112
Likes: 0
From: 34.509°N & 114.326°W
Originally Posted by dzervit
Here's a wacky thought... if you're stable right now then wait a few days until the new client is gone, then jack things up. Why F with it now?
D, You're my HERO!!!
 
Reply
Old Sep 13, 2006 | 01:06 PM
  #7  
vader716's Avatar
Senior Member
Joined: Jan 2003
Posts: 2,079
Likes: 0
From: Pikesville, MD
You only have one DC?

Why not transfer the roles back to the stable unit and leave the unstable one as your backup... better than only having one DC.

I would never have just one DC; that is very risky.
 
Reply

Old Sep 13, 2006 | 01:15 PM
  #8  
henkyjenky's Avatar
Senior Member
Joined: Jul 2006
Posts: 242
Likes: 0
From: Phoenix
Plug it in and see what happens! Then let us know how it goes.

What's the worst that could happen? Won't they just fight over the roles, until you remove it from the DC that now has all of them? Or just remove the roles from the troubled DC and then put it back on the network.
 
Reply
Old Sep 13, 2006 | 01:31 PM
  #9  
BRUZRs_Daddy's Avatar
Thread Starter
|
Senior Member
Joined: Jun 2005
Posts: 112
Likes: 0
From: 34.509°N & 114.326°W
Originally Posted by vader716
You only have one DC?

Why not transfer the roles back to the stable unit and leave the unstable one as your backup... better than only having one DC.

I would never have just one DC; that is very risky.
No, I have 2 other stable DCs (one of which NOW holds the FSMO roles that the bad one used to hold).
 
Reply
Old Sep 13, 2006 | 01:35 PM
  #10  
vader716's Avatar
Senior Member
Joined: Jan 2003
Posts: 2,079
Likes: 0
From: Pikesville, MD
So why not just demote it then?

I'm confused where the issue is?
 
Reply
Old Sep 13, 2006 | 01:48 PM
  #11  
BRUZRs_Daddy's Avatar
Thread Starter
|
Senior Member
Joined: Jun 2005
Posts: 112
Likes: 0
From: 34.509°N & 114.326°W
Originally Posted by vader716
So why not just demote it then?

I'm confused where the issue is?
It won't successfully run dcpromo. Or do I tell it that "This is the last domain controller in the domain"?
 
Reply
Old Sep 13, 2006 | 01:52 PM
  #12  
vader716's Avatar
Senior Member
Joined: Jan 2003
Posts: 2,079
Likes: 0
From: Pikesville, MD
Originally Posted by BRUZRs_Daddy
It won't successfully run dcpromo. Or do I tell it that "This is the last domain controller in the domain"?
You could do that providing it isn't on the network...
 
Reply
Old Sep 13, 2006 | 02:13 PM
  #13  
BRUZRs_Daddy's Avatar
Thread Starter
|
Senior Member
Joined: Jun 2005
Posts: 112
Likes: 0
From: 34.509°N & 114.326°W
Originally Posted by vader716
You could do that providing it isn't on the network...
That didn't work either. It says that it's NOT the last DC. How do I remove the other DCs from AD on a server not connected?
 
Reply
Old Sep 13, 2006 | 03:06 PM
  #14  
Net Wurker's Avatar
Senior Member
Joined: Oct 2004
Posts: 406
Likes: 0
From: The Internet
The "best practice" thing to do at this point would be to blow away the original server and rebuild it.

There are warnings about bringing a DC back online that held FSMO roles, once those roles have been seized.
 
Reply
Old Sep 13, 2006 | 03:16 PM
  #15  
Net Wurker's Avatar
Senior Member
Joined: Oct 2004
Posts: 406
Likes: 0
From: The Internet
From Here: http://support.microsoft.com/kb/255504/

A domain controller whose FSMO roles have been seized should not be permitted to communicate with existing domain controllers in the forest. In this scenario, you should either format the hard disk and reinstall the operating system on such domain controllers or forcibly demote such domain controllers on a private network and then remove their metadata on a surviving domain controller in the forest by using the ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role has been seized into the forest is that the original role holder may continue to operate as before until it inbound-replicates knowledge of the role seizure. Known risks of two domain controllers owning the same FSMO roles include creating security principals that have overlapping RID pools, and other problems.
 
Reply
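The KB excerpt quoted in post #15 describes two steps: force-demote the old role holder while it is isolated, then clean its metadata from a surviving DC. The batch file below is an added example of the second step plus a role check; it is not from any poster in this thread. `DC2` is a placeholder for the DC that now holds the seized roles, and the `dcpromo /forceremoval` switch mentioned in the comments is assumed to be available at the old server's service pack level.

```bat
@echo off
rem Added example, not part of the thread. Run on a SURVIVING DC only.
rem Precondition (done separately, on the OLD role holder, with its network
rem cable on an isolated switch or unplugged): either wipe and reinstall it,
rem or run   dcpromo /forceremoval   there. Assumption: that switch exists
rem on the old server's build; confirm before relying on it.

rem GOODDC is a placeholder name for the DC that now holds the seized roles.
set GOODDC=DC2

rem 1. Confirm where the five FSMO roles are reported before touching metadata.
rem    Every role listed should name a surviving DC, never the old server.
ntdsutil roles connections "connect to server %GOODDC%" quit "select operation target" "list roles for connected server" quit quit quit

rem 2. Start metadata cleanup already connected to the surviving DC.
rem    ntdsutil stays at its prompt once the arguments are used up.
rem    Type the following at the prompts, reading each <n> from the list
rem    output rather than assuming an index:
rem
rem      select operation target
rem      list domains
rem      select domain <n>
rem      list sites
rem      select site <n>
rem      list servers in site
rem      select server <n>        (the OLD role holder's entry)
rem      quit
rem      remove selected server
rem      quit
rem      quit
ntdsutil "metadata cleanup" connections "connect to server %GOODDC%" quit
```

Only after the old server's object is gone from the directory and the machine has been rebuilt or force-demoted should it be reconnected, and then only as a fresh member server.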


